history filter
Restricts the types of activities logged to history files.
Syntax
Syntax Description
no
(Optional) Removes the history filter.
instance
The history instance to be modified. If the specified instance does not exist, it will be created unless the no keyword was also specified. Must be alphanumeric.
string
The filter string.
Defaults
All history events are logged by default.
Usage Guidelines
Using the history filter command, you can restrict the types of activities that are logged to the history files. The filter syntax is:
<field><op><value>[<cong>…]
Field
The field parameter specifies the field within the history records to test. Valid fields are listed below.
Note that the contextual help for this command may list additional field names that are reserved for diagnostic purposes or for future use.
Field names are case-insensitive.
time
The timestamp on the record. The timestamp format for string comparisons is "YYYY-MM-DDTHH:MM:SS.mmm" (e.g., "2024-06-01T19:23:47.316").
type
The record type; one of "associate", "disassociate", "access", "session", or "comment".
count
For "associate" and "disassociate" records, this is a reference count. For session records with the "fin" flag set, it is the session duration in nanoseconds.
flags
A bit field of flags associated with the record. Valid values for Island include "nonrender" (4), "secure" (16), "blocked" (32), "allowed" (64), and "fin" (128).
mac
The source MAC address of the packet or device associated with the record.
ip
The source IP address of the packet or device associated with the record.
port
The source TCP/UDP port number of the packet or device associated with the record.
destIP
The destination IP address of the packet associated with the record.
destPort
The destination TCP/UDP port number of the packet associated with the record.
sourceName
The name of the interface (e.g., "en0") associated with the device on an "associate" or "disassociate" record.
cat
The numerical value of the website category associated with the record. The cat field is a bit mask, and is therefore usually best tested using the "&" operator.
comment
A text string containing miscellaneous information associated with some records.
country
A two-letter code (e.g., "US") representing the country in which the remote IP address is registered.
Op
The comparison operator.
=
Matches if the field value is exactly the same as the comparison value. This can be either a string or a numeric comparison depending on the field and the value.
!=
Matches if the field value is not exactly the same as the comparison value. This can be either a string or a numeric comparison depending on the field and the value.
<
Matches if the field value is numerically less than the comparison value.
<=
Matches if the field value is numerically less than or equal to the comparison value.
>
Matches if the field value is numerically greater than the comparison value.
>=
Matches if the field value is numerically greater than or equal to the comparison value.
&
Performs a bitwise test.
Value
The value to compare against. This can be a string, a regular expression, or a numeric value. Strings must be enclosed in quotes if they contain special characters.
Regular expressions are delineated with a slash (e.g., mac=/^B4:AE:2B/). Regular expressions are valid only with the "=" and "!=" operators.
Cong
Joins multiple comparison expressions together.
| (vertical bar)
Logical "or"
& (ampersand)
Logical "and"
, (comma)
Logical "and"
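Because a filter decides which events are written to history at all, it is worth checking offline which records a filter string would keep before applying it. The following is an added example that models the grammar described above; it is not Island's implementation. The function names and sample records are constructed, and it assumes conjunctions are evaluated left to right with no precedence, that "&" matches when any tested bit is set, and that an unanchored regular expression matches anywhere in the field.

```python
import re

# One term: field, operator, then /regex/, "quoted string" or bare value, then a conjunction.
TERM = re.compile(r'\s*(\w+)\s*(!=|<=|>=|=|<|>|&)\s*'
                  r'(/(?:[^/\\]|\\.)*/|"[^"]*"|[^\s|&,]+)\s*([|&,]|$)')

# Constructed sample records (not device output); flags is the numeric bit field.
RECORDS = [
    {"type": "access", "flags": 32 | 16, "mac": "B4:AE:2B:00:11:22", "destPort": 443, "country": "US"},
    {"type": "access", "flags": 64, "mac": "00:1B:63:AA:BB:CC", "destPort": 80, "country": "DE"},
    {"type": "session", "flags": 128, "count": 5_000_000_000, "mac": "B4:AE:2B:33:44:55"},
]

def _num(v):
    try:
        return int(str(v))
    except ValueError:
        return None  # not numeric: caller falls back to string comparison

def _test(record, field, op, raw):
    # Field names are case-insensitive (per the page); a missing field is treated as "".
    actual = {k.lower(): v for k, v in record.items()}.get(field.lower(), "")
    if raw.startswith("/"):
        if op not in ("=", "!="):  # regular expressions are valid only with = and !=
            raise ValueError("regular expression requires = or !=")
        hit = re.search(raw[1:-1], str(actual)) is not None
        return hit if op == "=" else not hit
    want = raw.strip('"')
    a, w = _num(actual), _num(want)
    if op in ("=", "!="):  # numeric comparison when both sides are numbers, else string
        same = (a == w) if a is not None and w is not None else str(actual) == want
        return same if op == "=" else not same
    if a is None or w is None:
        return False  # assumption: ordering and bitwise tests never match non-numeric data
    return {"<": a < w, "<=": a <= w, ">": a > w, ">=": a >= w, "&": bool(a & w)}[op]

def matches(filter_string, record):
    """Return True if record passes filter_string (assumed left-to-right evaluation)."""
    pos, result, conj = 0, None, None
    while True:
        m = TERM.match(filter_string, pos)
        if not m:
            raise ValueError(f"cannot parse filter at offset {pos}")
        field, op, raw, nxt = m.groups()
        value = _test(record, field, op, raw)
        result = value if conj is None else (result or value) if conj == "|" else (result and value)
        if not nxt:
            return result
        conj, pos = nxt, m.end()
```

For example, `matches('type=access&flags&32', record)` is true only for the constructed access record with the "blocked" (32) bit set; the first "&" is parsed as the conjunction and the second as the bitwise operator because of where each appears in the term.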
Examples
Related Commands